3 matches found
Microsoft ADFS服务请求头验证远程代码执行漏洞(MS09-070)
BUGTRAQ ID: 37214 CVE ID: CVE-2009-2509 Microsoft Windows是微软发布的非常流行的操作系统。 由于通过认证的用户在连接到启用了活动目录联合服务(ADFS)的Web服务器时没有正确地验证请求头,导致ADFS实现中存在远程代码执行漏洞。远程攻击者可以通过向服务器提交恶意的HTTP请求导致以Worker Process Identity的权限执行任意代码。 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 Microsoft Windows Server 2003...
CVE-2009-2509
In CVE-2009-2509, Active Directory Federation Services (ADFS) on Windows Server 2003 SP2 and Windows Server 2008 SP2/Gold exposes remote code execution due to incorrect validation of HTTP request headers by an authenticated user. A crafted HTTP request to an ADFS-enabled IIS web server can execut...
Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)
This host is missing a critical security update according to Microsoft Bulletin MS09-070. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...